Web Reputation settings
The Web Reputation module protects against web threats by blocking access to malicious URLs. Deep Security uses Trend Micro's Web security databases from Smart Protection Network sources to check the reputation of Web sites that users are attempting to access. The Web site's reputation is correlated with the specific Web reputation policy enforced on the computer. Depending on the Web Reputation Security Level being enforced, Deep Security will either block or allow access to the URL.
The Web Reputation configuration for this Policy or computer inherits its on or off state from its parent Policy unless you choose to override it.
The Web Reputation section of the policy editor and computer editor has the following tabbed sections:
You can configure this Policy or Computer to inherit its Web Reputation On/Off state from its parent Policy or you can lock the setting locally.
The Web Reputation rating system assigns the following risk levels to URLs:
- Dangerous: A URL that has been confirmed as fraudulent or a known source of threats
- Highly Suspicious: A URL that is suspected to be fraudulent or a known source of threats
- Suspicious: A URL that is associated with spam or possibly compromised
- Safe: A URL that is not a risk
Select a security level to implement:
High: blocks pages that are:
- Highly suspicious
Medium: blocks pages that are:
- Highly suspicious
Low: blocks pages that are:
Block pages that have not been tested by Trend Micro: Blocks pages that are:
- Unrated by Trend Micro
Exceptions are lists of URLs that are blocked or allowed regardless of their safety ratings.
URLs included in the Allowed list will be accessible regardless of their safety ratings. Multiple URLs can be added at once but they must be separated by a line break. When adding URLs to the Allowed list, select whether to allow all URLs with the same domain or the URL:
- Allow URLs from the domain: Allow all pages from the domain. Sub-domains are supported. Only include the domain (and optionally sub-domain) in the entry. For example, "example.com" and "another.example.com" are valid entries.
- Allow the URL: The URL as entered will be allowed. Wildcards are supported. For example, "example.com/shopping/coats.html" and "example.com/shopping/*" are valid entries.
URLs and URLs containing specified keywords included in the Blocked list are always blocked (unless there is an overriding entry in the Allowed list). Multiple URLs or keywords can be added at once but they must be separated by a line break. When blocking URLs, you select whether to block all URLs from a domain, to block the URL, or to block URLs that contain a specific keyword.
- Block URLs from the domain: Block all pages from the domain. Sub-domains are supported. Only include the domain (and optionally sub-domain) in the entry. For example, "example.com" and "another.example.com" are valid entries.
- Block the URL: The URL as entered will be blocked. Wildcards are supported. For example, "example.com/shopping/coats.html" and "example.com/shopping/*" are valid entries.
- Block URLs containing this keyword: Any URL containing the keyword will be blocked.
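The precedence described above (an Allowed entry overrides any Blocked entry, and anything unmatched falls through to the reputation rating) can be checked offline before a list is deployed. The following is an added example, not Deep Security's own code. Its matching details are assumptions: comparison is case-insensitive, the scheme and port are ignored, a domain entry also covers its sub-domains, and `*` matches any run of characters. The rule lists and URLs are constructed samples.

```python
import re
from urllib.parse import urlsplit

def _normalize(url):
    """Return (host, host+path+query), lowercased, scheme and port dropped."""
    if "://" not in url.split("?", 1)[0]:
        url = "//" + url                      # let urlsplit see a netloc
    parts = urlsplit(url)
    host = parts.hostname or ""
    rest = parts.path + ("?" + parts.query if parts.query else "")
    return host, (host + rest).lower()

def _domain_match(host, entry):
    """Exact host or a sub-domain; 'notexample.com' must not match 'example.com'."""
    entry = entry.lower().strip(".")
    return host == entry or host.endswith("." + entry)

def _wildcard_match(full, pattern):
    """Only '*' is special; every other character is matched literally."""
    regex = ".*".join(re.escape(p) for p in pattern.lower().split("*"))
    return re.fullmatch(regex, full) is not None

def _first_hit(url, rules):
    host, full = _normalize(url)
    for kind, value in rules:
        if kind == "domain" and _domain_match(host, value):
            return (kind, value)
        if kind == "url" and _wildcard_match(full, value):
            return (kind, value)
        if kind == "keyword" and value.lower() in full:
            return (kind, value)
    return None

def evaluate(url, allowed, blocked):
    """Allowed list wins, then Blocked list, otherwise defer to the rating."""
    hit = _first_hit(url, allowed)
    if hit:
        return "allow", hit
    hit = _first_hit(url, blocked)
    if hit:
        return "block", hit
    return "rating", None

# Constructed sample lists (hypothetical entries, not from any real policy).
ALLOWED = [("domain", "partner.example.com"), ("url", "example.com/shopping/*")]
BLOCKED = [("domain", "example.com"), ("keyword", "casino")]
```

Running candidate URLs through `evaluate` shows which entry decided the outcome, which makes over-broad keyword blocks and allow entries that shadow a block easy to spot during review.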
Smart Protection Server for Web Reputation Service
Smart Protection Service for Web Reputation supplies web reputation information required by the Web Reputation module. Select whether to connect directly to Trend Micro's Smart Protection service or whether to connect to one or more locally installed Smart Protection Servers.
Select the "When off domain, connect to global Smart Protection Service. (Windows only.)" option to use the global Smart Protection Service if the computer is off domain. The computer is considered to be off domain if it cannot connect to its domain controller. (This option is for Windows Agents only.)
Smart Protection Server Connection Warning
This option determines whether error events are generated and Alerts are raised if a computer loses its connection to the Smart Protection Server.
When users attempt to access a blocked URL, they will be redirected to a blocking page. Provide a link they can use to request access to the blocked URL.
Select whether to raise an Alert when a Web Reputation event is logged.
Select specific ports to monitor for potentially harmful web pages.
Local Event Notification
Display local notifications via the Deep Security Notifier when access to a malicious Web site is blocked. (For more information, see Deep Security Notifier.)
Web Reputation Events are displayed the same way they are in the main Deep Security Manager window except that only events relating to computers using this Policy are displayed.